package com.kl.oauth2.controller;

import org.springframework.web.bind.annotation.PostMapping;

import javax.servlet.http.HttpServletRequest;
import java.util.ArrayList;
import java.util.List;

@SuppressWarnings("all")
public class ProtectedController {

    @PostMapping(value = "protectedServlet")
    public void resource(HttpServletRequest request) {
        // 省略验证代码......

        String accessToken = request.getParameter("token");

        // 根据当时授权的token对应的权限范围，做相应的处理动作
        // 不同权限对应不同的操作
        String[] scopes = OauthController.tokenScopeMap.get(accessToken);

        StringBuilder builder = new StringBuilder();
        for (String s : scopes) {
            builder.append(s).append("|");
        }

        System.out.println(builder);

        List<String> list = new ArrayList<>();
        String res;
        if (builder.toString().indexOf("query") > 0) {
            res = queryGoods("");
            list.add(res);
        }

        if (builder.toString().indexOf("add") > 0) {
            res = addGoods("");
            list.add(res);
        }

        if (builder.toString().indexOf("del") > 0) {
            res = delGoods("");
            list.add(res);
        }

        System.out.println(list);

        //不同的用户对应不同的数据
        String user = OauthController.tokenMap.get(accessToken);
        res = queryOrders(user);
        System.out.println(res);
    }

    private String queryGoods(String id) {
        return "查询商品";
    }

    private String addGoods(String goods) {
        return "商品添加成功";
    }

    private String delGoods(String id) {
        return "商品删除成功";
    }

    private String queryOrders(String user) {
        return "查询订单";
    }
}
